Slashdot Mirror
Liberty Alliance Gains Momentum
kabanossen writes "News.com reports that AOL is joining the Liberty Alliance, which is a coalition of tech companies who are creating an alternative to Microsoft's Passport. Other members of the alliance are Sun, Nokia, Real Networks and General Motors "This provides a common language for authentication to ensure no one company controls the single authentication network" said a rep. " Mmmm...open standards. Hopefully.
With the track record of AOL, the last thing we need is people running software similar to AoHeLL on the new authentication system, and hijacking people's accounts.
Microsoft has Passport. This alliance offers another alternative. Both push our society towards a "know your neighbor", or perhaps "know your customer" model.
I remember a few years ago there being a pretty significant backlash against banks attempting the "Know your customer" model of business.
Let's not forget the "None of the above" option when contemplating these systems. Identification of a person is not always necessary or prudent, for a multitude of reasons.
sorry, but I don't want AOL to have my credit card info, just as I don't want Microsoft to have it.
when will these companies learn that we don't want a huge easily hackable database with all of our info in it? I'm quite happy memorizing my credit card number and providing it only when I feel it's necessary. With these passport like services, it's way too easy for a company to get you to sign in to get free service, and then simply start billing you after 'n' days, since they already have your credit card info, etc, in their database... At least now they have to send you a bill, or at the very least you have to provide a credit card number for a free trial...
I personally don't care if it's Microsoft, or some other tech company... I don't feel overally confident that a huge database with all of our info in it on the web is not going to get hacked...
---
Programming is like sex... Make one mistake and support it the rest of your life.
This is better than no competition for Passport but not so good as if there were some aggressive and international lobbying and development of public, universal and non-proprietary authentication. This is like watching Fed Ex and UPS duke it out over who gets to run the U.S. Mail.
It Is the Nature of Information to Transgress Artificial Boundaries
Sorry, but I can't see where this will be a whole lot better.
Okay, yeah, we definately know that AOL will provide the IM:) But what are the odds of a patent-free, royalty free standard? Zero. Check out the faq.
To be verified to use their tech, you'll likely have to either pay an exorbitant fee to join, pay an exorbitant 'license fee', or both.
Of course, there is no problem with charging to validate against, say, an AOL server, or store information there. But can even DEVELOPMENT occur without significant costs? No.
The only selling point to this seems to be "we're not Microsoft".
(And again, could somebody please explain the advantages? Most people on the street I've spoken with don't seem interested in having anybody store their CC and other personal information. And before you mention banks and credit card companies, most people would be quite pleased if they didn't have the info either.)
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I haven't been keeping up with this, and (I admit it) I'm too lazy to read the article carefully. What is the Liberty Alliance's stance on centralization? I certainly don't want Microsoft holding all my info on a centralized server, but I don't trust any of these folks all that much more. I'd really rather have it on my own machine, encrypted, with very specific as-needed permissions for releasing individual details. This should work in such a way that a malicious third party finds it difficult to cross-reference, say, my e-mail account and my medical records having retrieved each individually.
So where does the Liberty Alliance stand on this? Are my wishes way beyond the scope of this project -- is it a question of "which faceless corporation's basket do you trust with all your eggs"?
Perhaps the Liberty Alliance group is taking their public relations cues from politics - it sounds 'shameful' to turn down something called 'The Patriot Act' regardless of what its details are. Maybe they are aiming for the same kind of thing in defeating passport.
[Note: I was unable to determine if this post is a trollish type thing. I guess the moderators will tell me.]
Mmmm...open standards. Hopefully.
Someone take the crack pipe away from Hemos.
These will be competing proprietary standards to M$'s dontNET lockin standard. To prevent M$ from embracing, extending and extinguishing, all the key pieces will be protected with patents and trademarks and every other bit of legal jiggery they can use. Just like with JAVA, the liberty *ack* *gagh* alliance will not allow these to become free and open standards, they will smack any free version in order to create a legal precedent for when (not IF) they have to go after M$.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
The bottom line was: since a lot of people here in Sweden use internet banking, and we all hope it is really secure, then your internet bank account would be one safe way of identifying you. So why not make banks account the basis of a net passport? Rather that than make Microsoft the key to my bank account!
Ebay now allows authentication via passport. Logging in from a win2k box or winxp box for ebay is automatic.
It's too AOL is so myopic about standards. On the one hand you have Mozilla and perhaps this and then on the other you have AIM.
I've got the karma to burn, so let me just don my "Captain Obvious" hat here...
America Online? Open standards? You're joking, right?
I seriously doubt that I need to explain myself here.
And don't even think about pointing me in this direction.
"Mod, mod, mod...and another troll bites the dust."
I just don't get all this. We do not need a centralized personal information system. That much is apparent. Not from Microsoft and not from anybody else.
These companies are doing all this stuff just for the sake of *doing* it, to spite and fight Microsoft. Nothing more.
While I'm not blind to the fact that whoever controls all this information will have a measure of power, it remains to be seen if people actually buy into the whole thing. Microsoft may claim 88 gazillion-trillion Passport subscribers, but how many of those are really one-time half-filled and fake entries used to get a temporary spamming Hotmail account? How many people are actually dumb enough to store their credit card information in a Passport (or whatever)? With all the negetive press e-commerce site hack-ins have received in the past few years I'd be surprised this constitutes any significant percentage of Passport users, even among clueless computer users.
The whole industry is overestimating this supposedly "next killer thing" for the Internet. But, predictively enough, the lemmings have all decided to jump over the cliff together. Well then, let them be squashed together.
Keep all the data local, but allow third parties to access it. I choose that SomeShop.com may read my creditcard and address info and if it changes, they automatically have the new data when they request it.
Even better, they would not have to store my details themselves. I do a lot of e-shopping and there are quite a few e-commerce shops that store my creditcard info. To be honest, I couldn't even name all the stores that do without going through my creditcard invoices.
The FSF or another capable OSS team should join this Alliance (that, or I should stop being lazy, start being capable and start coding).
I have no problem with third parties accessing an encrypted database through encrypted channels, served by an open source applications running on my own server. Yes, it's still vulnerable, but it puts the vulnerability and control in *my* hands.
Hm, but I will continue to be lazy. And the FSF would never create a cross-platform wallet that integrates with the 90% desktop OS. I guess our best hopes are with this Alliance?
(on the other hand, I've placed hundreds of orders in the past years with a creditcard and unless I'm really making so much money that I don't even notice, my card hasn't been abused a single time)
34 companies isn't exactly a monopoly. Compare to a Microsoft-owned one company scenario.
What's dangerous, however, is that this 34 company oligopoly is the one that is likely to be the main influence in the SSS-CA and any regulation that results if that bill ever passes. They will have no qualms crushing your freedom to support their revenue models... "Liberty Alliance". Some joke.
I do not have a signature
the most ***important*** sentence in the article
"The sober truth is that although consumers are bothered by multiple user IDs and passwords, most consumers don't see much relative value in having one credential to navigate the Web," Avivah Litan, vice president and research director for Gartner, said in a statement.
before "single sign on" becomes useful, let's consider just some of things that don't exist now, that are needed to make it useful/valuable/necessary...to Joe/Jane Average
1. micropayments - we've been talking about them for years..still no standards, still no positive participation from the major central banking systems..PayPal has had to fight to get as far as it has
2. user authentication - biometrics are coming along nicely, but they have no useful installed base to speak off, and the first gen laptops with biometric user control has no way to "authenticate" the user
3. encryption - no agreement on standards, with the US Gov fighting ANY kind of suggestion to implement standard encryption of email, and pushing for "back doors" in every type of system they can
4. trust - who do you want to have access to ALL your confidential info - Armey, Bush, Case, Daschle, Ellison, Gates, Gephardt, Levin, McNealy, Murdoch, Rather, Redstone?????? All of these individuals (and their respective orgs) have been repeatedly shown to be driven by, UH, "goal achieveing orientation" and NOT by "philosophical/ethical/moral orientation"
5. Systems Security - even if you perceive that you trust the above folk to know that you peruse "Teletubbie FreakySex Sites" or "Death, The Beginning of your New Love Life" newsgroups,
ALL of these orgs have systems with major security flaws...so even with the "best of intentions"...chances are the whole world will find out what you did with that purple teletubbie doll...(and if you keep the video in "My Pictures" we can probably all watch it, too).
i just attended MS Professional Developers Conference in Los Angeles, where PassPort "single sign on" was a BIG push by the MS marketeers...most of the attendees couldn't have cared less
it's much more likely that after all the members of the "Billionaire Boyz Klub" are done with wrangling over "single sign on" as a way to insure "vendor lock in", that the G will step in, and shove their vision of this down ***EVERYBODIES" throats..."for our own good", of course
Ten quid, she's so easy to blind. And not a word is spoken...
It sounds like the Liberty Alliance is trying to create a set of common standards and not, as many people are freaking over, a second centralized database.
.NET is a good thing I think.
If they can come up with a decentralized yet intercompatible way of authentication then they might be on to something positive! Anything that can be done to prevent a Microsoft having a total strangle hold with
In these times, I can't believe people are saying something called the "Liberty Alliance" is a bad thing. Dear God, you people must all be atheist, Communists. Or maybe Muslim extremists. I will support the good old US of A by letting anyone and everyone associated with the Liberty Alliance have all of my personal information. It's the patriotic thing to do!
Some people are just too cynical...
If all you have are silver bullets, everything looks like a werewolf.